Structured reporting on cybersecurity incidents, privacy harms, governance shifts, and AI operational risk — designed to be scanned quickly and revisited later.
How to use the archive
The archive is arranged to surface the clearest current signal first, then give you a fast read on what else has shifted across security, privacy, governance, infrastructure, surveillance, and AI risk.
CISA and international partners say attackers are actively exploiting Cisco SD-WAN systems and urge organisations to inventory assets, patch immediately, collect forensic artifacts, and hunt for compromise.
Newest movement
EU privacy regulators say the Digital Omnibus proposal can simplify compliance, but warn that narrowing the definition of personal data would weaken data protection.
The EDPB has signed a joint Global Privacy Assembly statement warning that AI-generated imagery and video can create serious privacy, dignity, and safety harms when real people are depicted without consent.
A coordinated European enforcement action found recurring problems with how organisations handle GDPR erasure requests, including weak procedures, inconsistent deletion practices, and difficulties around backups and anonymisation.
The EDPB says its 2026–2027 work programme will focus on making GDPR compliance easier through ready-to-use templates, including materials for legitimate interest assessments, privacy notices, data breach notifications, and DPIAs.
The European Commission has entrusted ENISA with operating the EU Cybersecurity Reserve, creating a €36 million mechanism to provide incident response support during major cyber incidents.
ENISA’s 2025 threat landscape report says Europe is facing overlapping pressure from hacktivism, ransomware, phishing, vulnerability exploitation, and state-aligned cyber activity across critical sectors.
A 2025 multi-agency update on Akira ransomware highlights continued attacks on critical sectors, with emphasis on edge-device exploitation, credential abuse, remote admin tooling, and faster encryption variants.
A joint CISA, FBI, and ASD advisory update says Play ransomware has hit roughly 900 entities and remains active across multiple regions and sectors.
The EDPB’s blockchain guidance focuses on privacy by design, DPIAs, data minimisation, and the risks of storing personal data in immutable systems.
An EDPB update on cross-border data requests and AI training signals a more operational European privacy-governance agenda for organisations handling sensitive data.
A 2025 EDPB-backed report on LLM privacy risks focuses on concrete mitigations and real-world deployment scenarios rather than abstract AI principles.
The UK ICO’s investigations into TikTok, Reddit, and Imgur signaled a broader regulatory focus on recommender systems, age assurance, and how platforms structurally handle children’s data.
The UK ICO says Reddit processed children’s data unlawfully, failed to implement robust age assurance, and did not complete a relevant DPIA before January 2025.
CISA and partner agencies say Interlock ransomware activity is affecting businesses and critical infrastructure, with current guidance focused on access control, segmentation, patching, and phishing defense.
Weak privacy controls can make AI systems harder to deploy, govern, and defend over time, turning privacy into an operational AI risk question.
Student cyber safety is emerging as a global policy issue as schools face AI-enabled fraud, platform abuse, manipulation, and surveillance risk.
The UK ICO fined MediaLab over Imgur’s handling of children’s data, citing absent age checks, unlawful processing of under-13 data, and failure to carry out a DPIA.
A security and privacy watchlist covering student cyber safety policy, AI workplace tooling risk, and emerging privacy-governance signals worth monitoring.
AI security risk is increasingly concentrated in extensions, browser flows, workplace tooling, and other user-facing interfaces rather than models alone.